Critical Authentication Bypass in MOVEit Automation (CVE‑2026‑4670) Enables Unauthorized Access and Privilege Escalation
What It Is – Progress Software disclosed two critical flaws in MOVEit Automation: an authentication‑bypass (CVE‑2026‑4670) and a privilege‑escalation bug (CVE‑2026‑5174). Both affect the backend command‑port interface of versions 2025.1.4, 2025.0.8 and 2024.1.7 and earlier.
Exploitability – CVE‑2026‑4670 can be leveraged by unauthenticated attackers with low complexity; CVE‑2026‑5174 requires a valid login but allows rapid privilege escalation. No public exploits have been observed, but the flaws are “critical” and actively being patched.
Affected Products – Progress MOVEit Automation (enterprise managed‑file‑transfer workflow engine) – all on‑premises installations of the affected versions.
TPRM Impact – An attacker who gains admin control can harvest stored credentials, payroll or financial files, and pivot into the broader enterprise network, creating a supply‑chain risk for any organization that outsources file‑transfer services to a MOVEit‑based provider.
Recommended Actions –
- Deploy the patched releases (2025.1.5, 2025.0.9, 2024.1.8) immediately via the full installer.
- Schedule a maintenance window; expect a brief service outage during upgrade.
- Review audit logs for anomalous log‑ins or privilege‑escalation events that may indicate prior exploitation.
- Validate that any third‑party vendors using MOVEit Automation have applied the fix.
- Re‑assess access controls around stored credentials in MOVEit tasks.
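To support the patch-verification and vendor-validation steps above, the following added example (not code from the advisory, Help Net Security or Progress Software) triages an inventory of MOVEit Automation installs against the affected and patched version numbers the advisory lists. The inventory rows and the vendor names are constructed; one assumption is labelled in the code: release branches older than 2024.1 have no fixed build listed, so "2024.1.7 and earlier" is read as covering them, while builds on branches newer than any listed fix are marked for manual review rather than assumed safe.

```python
"""Triage MOVEit Automation version strings against the advisory's fixed releases.

Added example, not vendor code. Version numbers come from the advisory; the
inventory below is constructed sample data.
"""

# Patched releases named in the advisory, keyed by release branch (major.minor).
# A build on one of these branches with a lower patch number is affected.
FIXED_BY_BRANCH = {
    (2025, 1): (2025, 1, 5),
    (2025, 0): (2025, 0, 9),
    (2024, 1): (2024, 1, 8),
}
# Assumption: the advisory lists no fix for branches older than 2024.1, so any
# build below the oldest fixed release is treated as affected.
OLDEST_FIXED = min(FIXED_BY_BRANCH.values())


def parse_version(text):
    """'2025.1.4' -> (2025, 1, 4). Rejects anything that is not three integers."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised MOVEit Automation version: {text!r}")
    return tuple(int(p) for p in parts)


def classify(version):
    """Return 'affected', 'patched' or 'review' for one version string.

    'review' means the build is on a branch the advisory does not name and is
    newer than every listed fix, so its status must be confirmed by hand.
    """
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED_BY_BRANCH:
        return "affected" if v < FIXED_BY_BRANCH[branch] else "patched"
    return "affected" if v < OLDEST_FIXED else "review"


def triage(inventory):
    """Group (asset, owner, version) rows by classification.

    Returns a dict with keys 'affected', 'patched' and 'review'; each value is
    the list of rows in that state, preserving inventory order.
    """
    groups = {"affected": [], "patched": [], "review": []}
    for asset, owner, version in inventory:
        groups[classify(version)].append((asset, owner, version))
    return groups


# Constructed sample inventory: internal hosts plus vendor-operated instances,
# which is where the third-party (TPRM) exposure the advisory describes shows up.
SAMPLE_INVENTORY = [
    ("mft-prod-01", "internal", "2025.1.4"),
    ("mft-prod-02", "internal", "2025.1.5"),
    ("mft-legacy", "internal", "2024.1.7"),
    ("vendor-payroll-mft", "PayrollCo (third party, constructed)", "2025.0.8"),
    ("vendor-archive-mft", "ArchiveCo (third party, constructed)", "2024.1.8"),
    ("mft-lab", "internal", "2023.0.3"),
]

if __name__ == "__main__":
    for state, rows in triage(SAMPLE_INVENTORY).items():
        for asset, owner, version in rows:
            print(f"{state.upper():9} {asset:20} {version:10} owner={owner}")
```

Run it as a script to print one line per asset, or import `triage` and feed it rows exported from a CMDB or vendor questionnaire. Anything reported as `affected` maps directly to the "deploy the patched release" action, and vendor-owned rows in that state are the ones to chase under the third-party validation step.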
Source: Help Net Security – Critical MOVEit Automation auth bypass vulnerability fixed (CVE‑2026‑4670)